Moving clouds

With enterprises of all sizes looking at moving to a cloud-based infrastructure, more and more people are starting to ask the question, how do we move it?

Tags: Cloud computingSafeNet Incorporated
  • E-Mail
By  Mike Smart Published  January 26, 2012

With enterprises of all sizes looking at moving to a cloud-based infrastructure, more and more people are starting to ask the question, how do we move it? Mike Smart, EMEA product and solutions director at SafeNet discusses the security angle.

Everyone is beginning to realise the potentially huge benefits of moving their datacentre onto the cloud. There are the substantial savings from overcoming the limitations of server capacity, avoiding in-house maintenance costs, and enabling easy access to information regardless of the location. Furthermore, the cloud offers great scalability and reduces the time spent on deployment and database maintenance, thus allowing IT departments to focus on more strategic activities such as fostering innovation and business growth.

But, even as they contemplate these, organisations hit an obstacle: how to resolve the issues of cloud security and regulatory compliance which hinder the smooth transition to the cloud. Unfortunately there appears to be no single, all-encompassing solution. And indeed, businesses planning to move their data to the cloud are faced with a number of security issues such as: how do you separate your database from the rest of the data stored in the cloud? And even if you manage to do so, how do you control who is accessing your data and prevent administrative rights abuse by privileged users? If we add to these concerns the regulation and compliance issues, it becomes clear why many organisations are still reluctant to adopt cloud computing despite the great advantages it offers.

While there is no one-size-fits-all solution to all these challenges, adopting a data centric approach to cloud security can help organisations mitigate all these issues and risks and create the assurance that their data is properly protected and secured in the cloud.

The first step to achieving that is data encryption. Encrypting valuable data will not only provide effective separation of your data from the rest of the cloud environment, but it will also make it illegible to cybercriminals or any other unauthorised third parties who don’t have the encryption keys. Another great advantage of encryption is that it protects data in motion, not only data at rest. As businesses depend more and more on ensuring access to information anytime, anywhere and on any device, there is no excuse for organisations not to protect all data and the communication layer of data exchange.

Additional security could be added by encrypting the virtual storage on the cloud server where the data resides.

However, an organisation needs to apply another layer of security to secure the encryption itself as even encrypted data could be compromised if unauthorised users get access to the encryption keys. Unfortunately it is a common practice for many organisations to store the encryption keys on the same server where their data resides. This exposes cloud-based data to plenty of vulnerabilities and opens the door to cybercriminals. Once they have managed to access the database, they can easily get hold of the encryption keys.

To ensure that their data is protected regardless of where it resides, businesses need to embrace encryption and ensure they have an effective key management policy. This will place the full control of cloud data in the hands of organisations rather than third party cloud service providers and will provide the needed transparency to achieve better compliance and trust in the cloud.

Mike Smart is EMEA Product and Solutions Director at SafeNet.

2479 days ago

i started using TAWKLE
and its free and unlimited

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code